fix: add correct binary for manager and set runAsUser: 1000 in deployment.yaml

[jokestax]

Description:

This PR addresses the issue related to the missing manager binary in the Dockerfile and an error encountered due to user permissions in the deployment.yaml.

1. Dockerfile Update:

   • The correct binary for manager has been added to the Dockerfile as expected in line 38 of the deployment config.

2. Deployment Update:

   • Added runAsUser: 1000 to the deployment.yaml to resolve the permission error shown below:

     

Testing

To test this change:

1. Clone the repository.
2. Run make build.image.controlplane.
3. Create a Kubernetes cluster using either Kind or K3d.
4. Run kubectl apply -k config/default to deploy the changes.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: jokestax
Once this PR has been reviewed and has the lgtm label, please assign astoycos for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[shaneutt]

/cc @aryan9600

[aryan9600]

thanks for sending this PR! needs a couple of changes.

[aryan9600]

we should be setting the user in the dockerfile itself like so:

USER 1000:1000

[jokestax]

sorry for the late reply,been travelling to attend Kubecon India 😅 ,i will make the changes

[jokestax]

Hi @aryan9600 ,i tried by placing USER 1001:1001 in dockerfile,it shows the same error as error: container has runasnonroot and image will run as root

[aryan9600]

you might be setting the user in the build step of the Dockerfile. you should set it in the final step of the Dockerfile:

FROM --platform=$BUILDPLATFORM tonistiigi/xx AS xx-tools

FROM --platform=$BUILDPLATFORM rust:alpine AS builder

RUN apk add --no-cache clang lld

WORKDIR /workspace

COPY --from=xx-tools / /

ARG TARGETPLATFORM
ARG PROJECT_DIR=/workspace
ARG BUILD_DIR=$PROJECT_DIR/build

RUN --mount=type=bind,source=../controlplane/src/,target=src \
    --mount=type=bind,source=../controlplane/Cargo.toml,target=Cargo.toml \
    --mount=type=bind,source=../controlplane/Cargo.lock,target=Cargo.lock \
    xx-cargo build --release --target-dir $BUILD_DIR && \
    xx-verify ./build/$(xx-cargo --print-target-triple)/release/controller

RUN cp ./build/$(xx-cargo --print-target-triple)/release/controller /workspace/manager

FROM alpine:latest

WORKDIR /

USER 1000:1000
COPY --from=builder /workspace/manager /manager

i can get the application to run with this Dockerfile and without the need for runAsUser in the deployment configuration.

[jokestax]

hi @aryan9600 ,i did set in the final step but its not working 🥲 ,can we hop on a meet whenever you are free?

[aryan9600]

could you share the error you're seeing?